Slooow Internet Connection
My broadband internet connection has gradually slowed up, and is crawling along (in terms of when I started with broadband 18 months ago). I run AVG Anti Virus every day, I've just checked with Stinger for Trojans, etc., and I have Zone Alarm Firewall running in the background. So I'm pretty sure that it is not a virus attack.
My ISP is Pipex, which has been pretty reasonable over the past year. Computer- Athlon 2000, 512mb RAM. Any suggestions most appreciated. |
Hi Tosh,
There is lots of junk that accumulates on a computer over time. Let's start by getting rid of some of it. Click Start | Settings | Control Panel | Internet Options. Click on Delete files and check the box marked Delete all offline Content. When that's done, click on Clear History. The next one to clear is the Cookies file. First though, make sure that you have all your passwords written down for forums such as this.. or check to see that you still have the confirmation e-mails for them. Once you're happy that you won't have to re-register to all these sites, then click on Delete Cookies. If you haven't ever cleaned these out before, and you say the PC is 18 months old, you could have literally tens of thousands of files here, and just getting rid of those could speed up the PC no end.

Try that first.. see if it makes a difference.. if not, then please download 'Hijack This!' from here, unzip, and place it in its own folder, (not in the temp folder, or on the desktop) double-click HijackThis.exe, and hit "Scan". When the scan is finished, click "Save Log", and copy and paste it in a reply. This will give us a rundown of what's going on in your PC. One of us here will be glad to analyse it for you. Don't fix anything yourself yet, as a lot of the stuff on that list will be harmless or required.

Cheers
Liam |
Thanks, E-Liam. I've got as far as clear cookies- where do I view them, to see what I'm going to cancel?
Thanks, Tosh

Ten minutes later- Oops, I've found the cookies, and deleted them! Now, how about deleting the Temporary Internet Files- would that help? I'm going to download Hijack This now. Thanks again.

Ten minutes later again- I've tried to include the log from Hijack This, but the administrator has not allowed it- too many images or something similar?! I'll try to get through on a Private Message. |
Click 'Disable Smilies in This Post' under where you write the message... should do the trick so you can post the log.
:ok: |
I'll try posting the log again- |
Hi Tosh,
I've answered your PM, and.. as mentioned, I'll check more thoroughly in the morning. Sleep beckons.. :) Cheers Liam |
E-Liam,
Connected to CWShredder, it tells me that it removed 5 infected IE registry values- here are the test results:
Thanks for your help! |
Hi Tosh,
It's looking promising so far. Could you please post up a new HJT log, and we'll see if anything's left that needs getting rid of. Cheers Liam |
E-Liam,
Your good work certainly seems to have done the trick! I certainly notice an improvement in speed. Thanks. Tosh. Here's the latest HiJack This log: |
Hi Tosh,
Sorry about the delay in getting back to you.. I saw the reply last night, but had one too many sweet sherries, to actually do anything about it.. :D

The first thing you need to do, is to place Hijack This in its own folder (e.g. C:\HJT\….) so it can generate backup files to the same folder; needed should an entry be accidentally deleted. Then please run a new HJT! Scan, and check to fix the following entries, being sure to double check that you haven't missed any. Next, close all browser windows and click the Fix checked button…

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O4 - Startup: ~$Sticky.doc
O4 - Startup: Sticky.doc
O4 - Global Startup: ~WRL1387.tmp
O4 - Global Startup: ~WRL2816.tmp
O4 - Global Startup: ~WRL3239.tmp
O4 - Global Startup: ~WRL3878.tmp

Then boot into safe mode, (see here for info if needed) and delete the entire contents of the C:\Windows\Temp (or C:\WINNT\Temp) folder, but not the folder itself.

Then please boot back into normal mode and download AdAware SE from here. First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files. Next, we need to configure Ad-aware for a full scan. Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
· Automatically save log-file
· Automatically quarantine objects prior to removal
· Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select:
· Scan Within Archives
· Scan Active Processes
· Scan Registry
· Deep Scan Registry
· Scan my IE favorites for banned URLs
· Scan my Hosts file
· Under Click here to select drives + folders, choose:
· All of your hard drives | Proceed
3. Click on the Advanced button on the left and select:
· Include additional process information
· Include additional file information
· Include environment information
4. Click the Tweak button and select:
· Under the Scanning Engine:
· Unload recognized processes & modules during scan
· Include additional Ad-aware settings in logfile
· Under the Cleaning Engine:
· Let Windows remove files in use at next reboot
5. Click on Proceed to save the settings.
6. Click Start and on the next screen choose:
· Use Custom Scanning Options
7. Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

Next, please reboot again and download Spybot - Search & Destroy 1.3 from here: if you haven't already got the program. Click on Updates | Download Updates, and follow the prompts. Next, close all Internet Explorer windows, and click Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.

Next reboot and go here, and run the online virus scan; choosing the Autoclean option just before clicking the Scan button. Then please post a new log for a final once over.

Cheers
Liam |
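An added example, not part of any post in this thread: comparing a HijackThis log taken before a cleanup with one taken after it shows exactly which browser-setting and autostart entries a removal tool changed, even when the forum paste has lost its line breaks. The log lines, the `hijacker.example` domain and the function names are constructed for illustration.

```python
import re

# Section codes that appear in HijackThis logs like the ones posted in this thread.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O8": "IE context menu item",
    "O9": "IE extra button/menu item", "O12": "IE plugin",
    "O16": "downloaded ActiveX control", "O17": "DNS/NameServer setting",
}

# An entry starts with a code such as "R1 - " or "O16 - ".
ENTRY_START = re.compile(r"(?:^|\s)([RFNO]\d{1,2}) - ")


def parse_entries(log_text):
    """Return a set of (code, detail) pairs from a HijackThis log.

    Handles one-entry-per-line logs and logs flattened onto a single
    line by a forum paste, by splitting on the entry-code markers.
    The header and the "Running processes" list are ignored.
    """
    starts = list(ENTRY_START.finditer(log_text))
    entries = set()
    for i, match in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(log_text)
        detail = " ".join(log_text[match.end():end].split())  # normalise whitespace
        entries.add((match.group(1), detail))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entry lists between two scans, sorted."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)


def summarize(removed, added):
    """Render the diff as readable lines, labelled with the section meaning."""
    lines = []
    for label, items in (("removed", removed), ("added", added)):
        for code, detail in items:
            meaning = SECTIONS.get(code, "other")
            lines.append(f"{label:7} {code:3} ({meaning}): {detail}")
    return lines


# Constructed sample: a flattened "before" log with hijacked IE settings.
BEFORE = (
    r"Logfile of HijackThis (constructed sample) Running processes: C:\WINNT\Explorer.EXE "
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hijacker.example/results.php?show= "
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://hijacker.example/ "
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll "
    r"O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe /startup "
    r"O4 - Global Startup: ~WRL0001.tmp"
)

# Constructed sample: the "after" log, one entry per line, hijack entries gone
# and a newly installed scanner present in Global Startup.
AFTER = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINNT\Explorer.EXE
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe /startup
O4 - Global Startup: ~WRL0001.tmp
O4 - Global Startup: ExampleScanner.lnk = C:\Program Files\ExampleScanner\scan.exe
"""

if __name__ == "__main__":
    for line in summarize(*diff_logs(BEFORE, AFTER)):
        print(line)
```

Entries that survive both scans, such as the leftover `~WRL0001.tmp` startup item here, do not appear in the diff and still need the manual review described in the post above.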